This exploit targets a remote buffer overflow vulnerability in the ATNBaseLoader100.dll module, version 5.4.0.6. It can be triggered by passing 272 characters to the Send485CMD method, which overwrites EIP. The SetLoginID, AddSite, SetScreen, and SetVideoServer methods are also vulnerable to less convenient overflows or an SEH overwrite.
In IOAccelContext2::clientMemoryForType the lock_busy/unlock_busy should be extended to cover all the code setting up shared memory type 2. At the moment the lock doesn't protect two threads racing where one reaches the release at +0x56AD (outside the lock) while the other is still using those raw pages via the raw pointer at IOAccelContext+0x610 inside the locked region.
The closeClient() method in the IOAudioEngineUserClient class sets the audioEngine member pointer to NULL. However, the safeRegisterClientBuffer method uses the audioEngine pointer without checking whether it is NULL. This can lead to a NULL pointer dereference vulnerability. By calling the getStreamForID method, which calls a virtual function on a member, an attacker can control the RIP register.
The FlaP v.1.0. Beta application is vulnerable to remote file inclusion, allowing an attacker to include and execute arbitrary files on the server. This vulnerability can be exploited by providing a malicious file path as a parameter in the affected PHP files (skin/html/table.php and login.php). The vulnerable code snippets in these files use the 'include' function to include the specified file without proper sanitization or validation.
This module exploits a remote command execution vulnerability in Apache Struts versions between 2.3.20 and 2.3.28 (except 2.3.20.2 and 2.3.24.2). Remote code execution can be performed when using the REST Plugin with the ! operator when Dynamic Method Invocation is enabled.
The OpenBASE Alpha 0.6 portal is vulnerable to remote file inclusion. By manipulating the 'root_prefix' parameter in various PHP files, an attacker can execute arbitrary remote files on the server.
The vBulletin Google Site Map Creator script is vulnerable to remote file inclusion. This vulnerability allows an attacker to include and execute arbitrary files from remote servers, potentially leading to remote code execution.
The exploit allows an attacker to write NULL bytes below &line[0] by supplying negative lengths, leading to a buffer overflow. This can be exploited to execute arbitrary code on the target system.
The Notilus software is vulnerable to SQL injection attacks, specifically in the password modification fields.
This exploit allows an attacker to overwrite WP options in the Newspaper WP Theme.